For most of us, January 21 was a day like any other. But for those tasked with safeguarding our data, it was a watershed moment for privacy. For this was the day when Google, a multinational technology company, was fined £44 million for breaching the European Union’s General Data Protection Regulation (GDPR). And with California, which is home to the largest concentration of tech companies in the world, framing its own data protection laws, many believe the fine meted out to Google is just the beginning.
Take Oksana Sokolovsky, an entrepreneur and smart data discovery expert, for example. She believes that both GDPR and the California Consumer Privacy Act (CCPA), which comes into effect next January, are game-changers for regulatory compliance and not just for the Silicon Valley tech titans, but for any large enterprise.
“We all live and work in a data-centric world,” she says. “The internet of things, which has enabled everyday objects to collect and exchange real-time data, has created an abundance of information. With technology moving at such a fast pace, companies receiving the information cannot process it fast enough. The result? Unfathomable and unnavigable ‘lakes’ of data or ‘dark data’ as many in the industry refer to it.”
For Ms Sokolovsky, who is also chief executive and co-founder of Io-Tahoe, a firm specialising in smart data discovery, the consequences of companies failing to act could run into millions of dollars.
“Firms need to take a proactive stance or data protection regulators will,” she warns. “For a chief data officer, there are only three questions that matter. They are: ‘what sensitive data does my enterprise possess?’, ‘where is it stored?’ and ‘why do we have it?’ By addressing these questions, companies can begin to implement the necessary foundational steps. Without them in place, it is impossible to implement the correct regulatory policy and controls needed to safeguard personal data.”
One firm addressing GDPR compliance is Centrica. With more than 25 million customer accounts, the British multinational energy and services company handles a significant amount of data. The problem was that it didn’t know what data it had and where it was housed.
But Centrica did know one thing: if it was to conform to GDPR, it would need forensically to demonstrate to the Information Commissioner’s Office that it had the answers. It therefore decided to embark on a data discovery exercise. However, with 30 billion records, 1,200 databases and 1,500 applications to process, it soon became clear it needed a partner skilled in smart data discovery to enable regulatory compliance.
And that’s when it turned to Io-Tahoe for help. Over a four-month period, working in partnership with Centrica, Io-Tahoe not only helped to enable Centrica’s GDPR compliance but, by shining a spotlight on its dark data, also revealed the data relationships Centrica had previously been unable to identify or reconcile.
Mike Young, Centrica’s group chief information officer, explains: “Thanks to Io-Tahoe, we have a far better understanding of where all our customers’ personal and sensitive data resides. Doing change programmes, for example, gets you thinking about privacy up front instead of an afterthought. You realise that privacy is not merely a bolt-on and that more and more of what we’re doing is embedded in our technology. This has helped us to address emerging issues like ePR, and has even enabled us to start up a programme for data privacy by design.”
Back at Io-Tahoe’s New York headquarters, Ms Sokolovsky is expecting the phone to keep ringing. “Our product helps enterprises to become GDPR or CCPA compliant, ahead of next year, quickly and efficiently, but with legislation becoming ever stricter, it also demonstrates that while manual data initiatives may have been an option for companies five years ago, they have no place in today’s fast-moving data-driven world.”
For more information please visit: www.io-tahoe.com